Recall that AAA stands for Authentication, Authorization, and Accounting. Authentication is the process of verifying a userâs identity to determine whether the user should be allowed access to a device. Authorization is the act of limiting or permitting access to certain features within the device once a user has been authenticated. Accounting is the recording of actions taken by the user once she has been authenticated and authorized. In this section, I will cover only authentication, as it is the most commonly used feature offered by AAA.
To use AAA authentication on an IOS switch or router, you must perform the following steps:
Enable AAA by entering the
Configure security server information, if youâre using a security server. This step includes configuring TACACS+ and RADIUS information.
Create method lists by using the
Apply the method lists to interfaces or lines as needed.
In NX-OS, the commands are similar, but there is no
aaa new-model command.
To use the AAA features discussed here, youâll need to issue the
If you donât execute this command, the AAA commands discussed in this section will not be available. This step is not necessary in NX-OS.
Be careful when configuring AAA for the first time. You can easily lock yourself out of the router by enabling AAA authentication without configuring any users.